You would need to set up request handlers in solrconfig.xml to limit what types 
of queries people can send to Solr (and define things like max page size, etc.). 
You need to restrict people from sending update/delete commands as well.

Then, at a minimum, set up some proxy in front of Solr that you actually expose 
to the outside world, something like HAProxy, which you can probably configure 
for things like max concurrent requests, etc., in order to mitigate denial of 
service attacks.


On Nov 1, 2011, at 12:22 PM, Alireza Salimi wrote:

> Hi,
> 
> I was wondering if it's a good idea to expose Solr to the outside world,
> so that our clients running on smart phones will be able to use Solr.
> 
> If we decide to do this, what are the security concerns about it?
> 
> For example, someone suggested we should limit the number of
> rows requested in order to mitigate the attack of huge result set,
> but I personally don't think it's a great idea, because a hacker
> can run multiple queries simultaneously.
> 
> Is there any good reference for this purpose?
> 
> Regards
> 
> -- 
> Alireza Salimi
> Java EE Developer
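
The restrictions suggested in the reply (expose only read queries, cap the page size, block update/delete), sketched as a check a fronting layer could apply before forwarding a request to Solr. This is an added example, not part of the thread; the `/solr/select` path, the parameter allowlist, the limits and the names `gate` and `Rejected` are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumed deployment values (not from the thread); adjust to the real setup.
ALLOWED_PATHS = {"/solr/select"}          # the only handler exposed
ALLOWED_PARAMS = {"q", "fq", "start", "rows", "sort", "fl", "wt"}
MAX_ROWS = 50                             # largest page a client may request
MAX_START = 1000                          # deepest offset allowed
MAX_QUERY_LEN = 512                       # cap on the length of q / fq


class Rejected(Exception):
    """The request must not be forwarded to Solr."""


def _bounded_int(value, upper, name):
    # Accept plain ASCII digits only, then clamp to the configured ceiling.
    if not (value.isascii() and value.isdigit() and len(value) <= 9):
        raise Rejected(f"{name} must be a non-negative integer")
    return str(min(int(value), upper))


def gate(method, url):
    """Return the sanitized 'path?query' to forward, or raise Rejected."""
    if method != "GET":
        raise Rejected("only GET is exposed")
    parts = urlsplit(url)
    if parts.path not in ALLOWED_PATHS:   # /solr/update, admin pages, ...
        raise Rejected("handler not exposed")
    out = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key not in ALLOWED_PARAMS:     # e.g. qt, shards, stream.body
            raise Rejected(f"parameter {key!r} not allowed")
        if key == "rows":
            value = _bounded_int(value, MAX_ROWS, "rows")
        elif key == "start":
            value = _bounded_int(value, MAX_START, "start")
        elif key in ("q", "fq") and len(value) > MAX_QUERY_LEN:
            raise Rejected(f"{key} too long")
        out.append((key, value))
    if not any(k == "rows" for k, _ in out):
        out.append(("rows", "10"))        # always send an explicit page size
    return parts.path + "?" + urlencode(out)
```

This bounds the cost of each individual request; the number of simultaneous requests still has to be limited at the proxy, as the reply says.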
